i'm currently learning how to use react, so i'm creating a blog using a MERN stack. The blog only has 1 admin user to post on it, and I wanted to know, how do I secure the mongoose calls? as anyone using postman can use the URIs to post / delete, right? Im still a bit new to security and such so i'm trying to make sure that I understand how this works. How would I make it that somebody can't just use postman to create new posts if they know the URI, and only the 1 admin of the blog can?
Asked
Active
Viewed 28 times
0
-
The URI alone isn't enough, they'll have to pass a valid authentication token too. – Martheen Jun 14 '21 at 04:29
-
Is that built into mongoose / mongodb / express? Because I haven't added anything to do with auth yet – OnionMan1934 Jun 14 '21 at 04:42
-
Get an authentication middleware for Express. – Martheen Jun 14 '21 at 04:47